stm32 /stm32h7rs /STM32H7S /SAES /SAES_CR

SAES enable This bit enables/disables the SAES peripheral: At any moment, clearing then setting the bit re-initializes the SAES peripheral. This bit is automatically cleared by hardware upon the completion of the key preparation (Mode 2) and upon the completion of GCM/GMAC/CCM initial phase. The bit cannot be set as long as KEYVALID = 0 nor along with the following settings: KMOD[1:0] = 01 + CHMOD[2:0] = 011 and KMOD[1:0] = 01 + CHMOD[2:0] = 010 + MODE[1:0] = 00. Note: With KMOD[1:0] other than 00, use the IPRST bit rather than the bit EN.

0 (B_0x0): Disable

1 (B_0x1): Enable

Data type selection This bitfield defines the format of data written in the SAES_DINR register or read from the SAES_DOUTR register, through selecting the mode of data swapping: For more details, refer to Section 32.4.15: SAES data registers and data swapping. Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.

0 (B_0x0): None

1 (B_0x1): Half-word (16-bit)

2 (B_0x2): Byte (8-bit)

3 (B_0x3): Bit

SAES operating mode This bitfield selects the SAES operating mode: Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.

0 (B_0x0): Mode 1: encryption

1 (B_0x1): Mode 2: key derivation (or key preparation for ECB/CBC decryption)

2 (B_0x2): Mode 3: decryption

3 (B_0x3): FIELD Reserved

CHMOD[1:0]: Chaining mode selection This bitfield selects the AES chaining mode: others: Reserved Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.

0 (B_0x0): Electronic codebook (ECB)

1 (B_0x1): Cipher-block chaining (CBC)

2 (B_0x2): Counter mode (CTR)

3 (B_0x3): Galois counter mode (GCM) and Galois message authentication code (GMAC)

DMA input enable This bit enables/disables data transferring with DMA, in the input phase: When the bit is set, DMA requests are automatically generated by SAES during the input data phase. This feature is only effective when Mode 1 or Mode 3 is selected through the MODE[1:0] bitfield. It is not effective for Mode 2 (key derivation).

0 (B_0x0): Disable

1 (B_0x1): Enable

DMA output enable This bit enables/disables data transferring with DMA, in the output phase: When the bit is set, DMA requests are automatically generated by SAES during the output data phase. This feature is only effective when Mode 1 or Mode 3 is selected through the MODE[1:0] bitfield. It is not effective for Mode 2 (key derivation).

0 (B_0x0): Disable

1 (B_0x1): Enable

GCM or CCM phase selection This bitfield selects the phase of GCM, GMAC or CCM algorithm: The bitfield has no effect if other than GCM, GMAC or CCM algorithms are selected (through the ALGOMODE bitfield).

0 (B_0x0): Init phase

1 (B_0x1): Header phase

2 (B_0x2): Payload phase

3 (B_0x3): Final phase

CHMOD[2]

Key size selection This bitfield defines the length of the key used in the SAES cryptographic core, in bits: When KMOD[1:0] = 01 or 10 KEYSIZE also defines the length of the key to encrypt or decrypt. Attempts to write the bit are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.

0 (B_0x0): 128

1 (B_0x1): 256

Number of padding bytes in last block The bitfield sets the number of padding bytes in last block of payload: …

0 (B_0x0): All bytes are valid (no padding)

1 (B_0x1): Padding for one least-significant byte of last block

15 (B_0xF): Padding for 15 least-significant bytes of last block

Key mode selection

0 (B_0x0): Normal key

1 (B_0x1): Wrapped key

2 (B_0x2): Shared key

Key share identification This bitfield defines, at the end of a decryption process with KMOD[1:0] = 10 (shared key), which target can read the SAES key registers using a dedicated hardware bus. Others: Reserved Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.

0 (B_0x0): CRYP peripheral

Key selection The bitfield defines the source of the key information to use in the AES cryptographic core. Others: Reserved (if used, unfreeze SAES with IPRST) When KEYSEL is different from zero, selected key value is available in key registers when BUSY bit is cleared and KEYVALID is set in the SAES_SR register. Otherwise, the key error flag KEIF is set. Repeated writing of KEYSEL[2:0] with the same non-zero value only triggers the loading of DHUK or BHK if KEYVALID = 0. When the application software changes the key selection by writing the KEYSEL[2:0] bitfield, the key registers are immediately erased and the KEYVALID flag cleared. At the end of the decryption process, if KMOD[1:0] is other than zero, KEYSEL[2:0] is cleared. Attempts to write the bitfield are ignored when the BUSY flag of SAES_SR register is set, as well as when the EN bit of the SAES_CR register is set before the write access and it is not cleared by that write access.

0 (B_0x0): Software key, loaded in key registers SAES_KEYx

1 (B_0x1): Derived hardware unique key (DHUK)

2 (B_0x2): Boot hardware key (BHK)

3 (B_0x3): Application hardware key (AHK)

4 (B_0x4): XOR of DHUK and BHK

5 (B_0x5): XOR of DHUK and AHK

7 (B_0x7): Test mode key (256-bit hardware constant 0xA5A5…A5A5)

SAES peripheral software reset Setting the bit resets the SAES peripheral, putting all registers to their default values, except the IPRST bit itself and the SAES_DPACFG register. Hence, any key-relative data is lost. For this reason, it is recommended to set the bit before handing over the SAES to a less secure application. The bit must be low while writing any configuration registers.